-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-20:18.getfsstat                                      Errata Notice
                                                          The FreeBSD Project

Topic:          getfsstat compatibility system call panic

Category:       core
Module:         getfsstat
Announced:      2020-09-02
Credits:        Rodrigo Rubira Branco (BSDaemon), Amazon Web Services
                Henrique L. Amorim, Independent Security Researcher
Affects:        FreeBSD 11.3 and 11.4
Corrected:      2020-06-20 04:39:52 UTC (stable/11, 11.4-STABLE)
                2020-09-02 16:22:14 UTC (releng/11.4, 11.4-RELEASE-p3)
                2020-09-02 16:22:14 UTC (releng/11.3, 11.3-RELEASE-p13)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

getfsstat(2) is a system call which provides information about mounted
filesystems.  The kernel provides compatibility system calls for old
versions of the interface.

II.  Problem Description

A bug in an internal interface used by getfsstat(2) compatibility system
calls could result in a free of an uninitialized pointer when getfsstat(2)
is called with an invalid argument.

III. Impact

A kernel panic can be triggered by an unprivileged user process.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an errata update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-20:18/getfsstat.patch
# fetch https://security.FreeBSD.org/patches/EN-20:18/getfsstat.patch.asc
# gpg --verify getfsstat.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/11/                                                        r362426
releng/11.4/                                                      r365254
releng/11.3/                                                      r365254
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:18.getfsstat.asc>
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9RQrhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKOPRAAqrEteXljHWfgMTSEYBzWkGD7cgZXICmoUzhYpownamVU2yhm3g547v23
+kwfGMZs/AAlkBRBMiNAVflEFJ9qCHfZjx/+1AVHzMRchIca5R0xukaO5MDBSgvS
0LmqZM/vdd/15pWp3ptMfX6eeUUyfjxxoe7XWTrfEBdgzo7EHTlHpMKdZ/jjx4Ju
M3t0rgC5KNMNs7N8CiKpDUU/S79eXBQZ/w8GK3q4HO4Y2WEw3ogbNl8RxrplTVFo
UWQTii14wmjPOLVjyRro2enggfqEQ6LdQCOxwI6IetQxELUbIOUEeUg4AUdBciqe
t3R6iSZTKkmqODTUmIYixZxJJztDNBESC44G1/qUOuinqE27CEqFCvgA9pS4sRtP
PxSrfTN/J0EPbcGL6uJ337I+m2cWsuyTToRDwTL3C87pguQpTk2OpQMNaXqUtKN7
FUmv7dJ30ybzHEBm3yEUEXSMYSH3YSmweic3ZfoWsAAH7OgbCKrE+DOidds2t7yM
ffjWyagXVEzLTydLABGBmYPUtFQbV5jKZTZxdyvRc3NtiyD3vGHO3Y8ZzUtUl5PC
HaHVHC1mUAJfeA3hlu29Ohf8p0Ukv/82ybMh9H2WlTC+VZklvUuUdDpRArgEpnzd
75kSLTF4k2egWpgrocoUqcaMbSLEB5uiVwMM0/5tm9ly3enk1Yc=
=r/H7
-----END PGP SIGNATURE-----
